[Dshield] Strange activity..

Micheal Patterson micheal at cancercare.net
Thu Jun 26 16:04:10 GMT 2003

----- Original Message ----- 
From: "Ed Truitt" <ed.truitt at etee2k.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Thursday, June 26, 2003 9:17 AM
Subject: Re: [Dshield] Strange activity..

> Did you notice any probes against port 3268?  I had one day about a
> month ago when someone hit both 389 and 3268, which indicates to me they
> were looking for Win2K Domain Controllers (3268 is the Global Catalog
> port).  The day that happened, DShield reported a spike in the number of
> targets/probes, though the # of sources stayed about the same.  I
> haven't seen that combination since.  Unfortunately, I had my tarpit
> shut down Monday, as I left town on a short vacation.
> -- 
> ---
> Cheers,
> Ed Truitt
> PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
> http://www.etee2k.net
> http://www.bsatroop148.org

No traffic to 3268 at all during the scan times. It's only happened that one
day but with the varying sources, I wasn't sure if there was something that
I'd missed or not. Either way, all traffic was denied at the firewall so no
harm done, but it was a bit curious to say the least.


Micheal Patterson
TSG Network Administration
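
The comparison made in this thread (probes to 389 alone versus 389 paired with 3268 from the same source) can be run over firewall deny logs. The following is an added example, not part of either poster's message; the log format, addresses and dates are constructed for illustration.

```python
import re
from collections import defaultdict

LDAP_PORT = 389   # LDAP
GC_PORT = 3268    # Active Directory Global Catalog

# Constructed sample firewall deny log (format, addresses and dates are made up).
SAMPLE_LOG = """\
2003-05-20 03:11:02 DENY TCP 198.51.100.7:4312 -> 192.0.2.10:389
2003-05-20 03:11:03 DENY TCP 198.51.100.7:4313 -> 192.0.2.10:3268
2003-05-20 03:11:09 DENY TCP 198.51.100.7:4320 -> 192.0.2.11:389
2003-05-20 03:11:10 DENY TCP 198.51.100.7:4321 -> 192.0.2.11:3268
2003-06-23 14:02:41 DENY TCP 203.0.113.5:1029 -> 192.0.2.10:389
2003-06-23 14:07:13 DENY TCP 203.0.113.88:2211 -> 192.0.2.10:389
2003-06-23 14:09:55 DENY TCP 198.51.100.200:3377 -> 192.0.2.10:389
2003-06-23 14:10:01 DENY TCP 198.51.100.200:3378 -> 192.0.2.10:80
"""

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ DENY TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def summarize(log_text):
    """Per day: sources/targets probing 389 or 3268, and sources that hit both."""
    ports_by_src = defaultdict(lambda: defaultdict(set))  # day -> src -> ports
    targets = defaultdict(set)                            # day -> dst addresses
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        dport = int(m["dport"])
        if dport not in (LDAP_PORT, GC_PORT):
            continue  # only the two directory ports are of interest here
        ports_by_src[m["day"]][m["src"]].add(dport)
        targets[m["day"]].add(m["dst"])
    report = {}
    for day, srcs in sorted(ports_by_src.items()):
        both = sorted(s for s, p in srcs.items() if {LDAP_PORT, GC_PORT} <= p)
        report[day] = {
            "sources": len(srcs),
            "targets": len(targets[day]),
            "ldap_and_gc": both,  # sources that paired 389 with 3268
        }
    return report

if __name__ == "__main__":
    for day, row in summarize(SAMPLE_LOG).items():
        print(day, row)
```

A day with entries in `ldap_and_gc` matches the 389-plus-3268 pattern from the quoted message; a day with several sources and an empty list matches the 389-only activity described in the reply.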
